Guarddog/Firestarter differences

I'd like to know what the main differences between Guarddog and Firestarter are.
I'd also like to know which of these two firewalls is better for someone who has used Windows most of his life, recently turned to Linux (that's right, I'm talking about me), and has never used any firewall other than the WinXP default.
I don't mind spending some time learning; my vacation starts tomorrow.

You don't need a firewall or an antivirus if you don't have a network. Just disable all your network services and you are safe; that's the standard setting with Kubuntu/Ubuntu after installation.
Here is a good (german only) link:

I have really started in the past couple of months to advocate firewall usage regardless of the OS and of the number of services available. The reason is that many exploits found in Linux and in BSD are DoS attacks caused by incorrect handling of packets by the kernel. The firewall would stop any of these packets before they had the chance to hit the kernel.

That being said, Guarddog and Firestarter are the same firewall (iptables). They are just different GUIs that make it easier to edit firewall rules without having to learn any of the mumbo jumbo of iptables, so try one and see if you are comfortable with it. If you don't like it, then try the other one.

So what if you don't use one of these FWs? Default handling of packets by Linux will not be enough?

There is always the possibility of some app being installed either accidentally or improperly configured to accept connections from more than it should, thus leaving your PC exposed if that app has any vulnerabilities or you haven't properly secured it. The firewall would prevent this from happening since it would block all incoming connections unless you explicitly allow them to happen.

Also, as I said in the previous post, many vulnerabilities in OSes are in how they improperly handle packets (especially IPv6, since it really isn't widely used and is still being worked on and becoming battle tested). If someone were to send you a bad packet, then your computer could crash, or lose your internet connection. Possibly quite annoying, and it may cause a loss of data if anything is open and not properly saved and recovered. Just possibilities, but nonetheless important things that should be prevented at all costs.

Of course you can argue that the firewall is just another layer of code you are exposing to the internet, but there have been very few vulnerabilities in iptables in the past (the last was in 2002 I think) and pf hasn't had one yet. In comparison, almost all *nixes have had some type of remote DoS vulnerability that has been patched, of course, but still, if you don't get the latest kernel or have a firewall protecting yourself, you have a small chance of being a victim. Better safe than sorry, and the firewall causes negligible impact on performance, especially with the great firewalls for the free OSes that are included automatically (iptables, pf, ipfw, etc.).

Also, these firewalls don't have any application control, so you don't have to worry about popups. Just get them up, keep state on all outgoing connections and deny anything else, and you should be good to go.

Thank you Alphalutra1, now I know I'm not crazy. iptables creates a visible policy for me; I never liked the idea of not using it.

If I try something like Samba, or use aMule, I KNOW nothing is listening, even if I noobconfigure it.

HURST, you won't regret it. Just save some time for it. Go to the website, read the Networking Concepts HOWTO and the Packet Filtering HOWTO; the others only if you're interested (these will get you going).
I liked this HOWTO also; it gives someone's insight on building rules.
Then you've got the man pages for completeness, or this big tutorial by Oskar Andreasson. It's on my todo list, so I really don't know how it is. Probably we won't use half of it, but it's supposed to be the best, or one of the best, guides.

Thanks Alphalutra1! I am not sure, but as I understand it, Firestarter or Guarddog is just a GUI for iptables. So my question is: if I don't install and run any of these FWs, are iptables not being used by default?

Hello,
Another thing you should always do is restrict the range of IPs that can listen to these ports. For example, samba / cups, I always restrict to local addresses, so there are no open ports to the wide world.
Mrk
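As an added example (not from anyone in this thread), here is what the policy the posts above describe looks like as an iptables-restore ruleset: keep state for connections you start, allow Samba and CUPS only from the local network, and drop everything else incoming. The LAN subnet 192.168.1.0/24 is an assumed placeholder; change LAN_NET to match your network.

```shell
#!/bin/sh
# Stateful default-deny INPUT policy with Samba and CUPS restricted to the LAN.
# Assumption: LAN_NET is your local subnet (placeholder value below).
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the ruleset in iptables-restore format (lines starting with # are
# ignored by iptables-restore, so the comments can stay in the file).
build_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic is always allowed
-A INPUT -i lo -j ACCEPT
# keep state: replies to connections this host opened may come back in
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no tracked connection are dropped
-A INPUT -m state --state INVALID -j DROP
# Samba (NetBIOS name/datagram + SMB) only from the local network
-A INPUT -s $LAN_NET -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -s $LAN_NET -p tcp -m multiport --dports 139,445 -j ACCEPT
# CUPS (IPP) only from the local network
-A INPUT -s $LAN_NET -p tcp --dport 631 -j ACCEPT
# anything else incoming falls through to the INPUT DROP policy
COMMIT
EOF
}

# Audit helper: count ACCEPT rules in INPUT that are not limited to loopback,
# connection state, or a source network. Anything here is open to the world.
unrestricted_accepts() {
    build_rules | awk '/^-A INPUT/ && /-j ACCEPT/ && !/-i lo/ && !/--state/ && !/-s / {n++}
                       END {print n+0}'
}

# Run as "sh firewall.sh apply" (as root) to load the rules; any other
# invocation only prints the ruleset so it can be reviewed first.
if [ "${1:-}" = "apply" ]; then
    build_rules | iptables-restore
else
    build_rules
    echo "# world-reachable ACCEPT rules: $(unrestricted_accepts)"
fi
```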

In iptables and Samba? I think I read somewhere that Samba can restrict also, but I haven't tried Samba yet. Can it?

aigle: yes, Firestarter will load its rules in iptables once you finish configuration.